kibana
kibana copied to clipboard
elastic
[Security in Core] Exposes `apiKeys` from `core.security.authc`
Summary
Expose apiKeys as a service under core.security.authc.apiKeys.
Closes https://github.com/elastic/kibana/issues/184764
Details
PR introduces a new API Keys Service which is accessible under the authc namespace in core.security. The service exposes the public API that was already available on the server-side in the security plugin.
The service is initialized and registered with core using the delegate_api - allowing access to the service within the core plugin without the need for the security plugin.
Note: I had to move quite a few types/functions around to prevent cyclical dependencies.
Plugins and the APIs that use the current apiKeys function from the security plugin
Expand for table with details
| Plugin | File | API used | Can be migrated |
|---|---|---|---|
| alerting | x-pack/plugins/alerting/plugin/server.ts | areApiKeysEnabled() | ✅ |
| x-pack/plugins/alerting/server/rules_client_factory.ts | grantAsInternalUser() | ❌ | |
| x-pack/plugins/alerting/server/task.ts | invalidatedAsInternalUser() | ❌ | |
| enterprise_search | x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys | create() | ✅ |
| x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts | create() | ✅ | |
| fleet | x-pack/plugins/fleet/server/routes/setup/handlers.ts | areApiKeysEnabled() | ✅ |
| x-pack/plugins/fleet/server/services/api_keys/security | invalidateAsInternalUser() | ❌ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts | grantAsInternalUser() | ❌ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts | areApiKeysEnabled() | ✅ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts | areAPIKeysEnabled() | ✅ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys_privileges.ts | areAPIKeysEnabled() | ✅ | |
| observability_solution | /Users/sidmantri/Sites/kibana/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts | areAPIKeysEnabled | ✅ |
| validate | ✅ | ||
| grantAsInternalUser | ❌ | ||
| /Users/sidmantri/Sites/kibana/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts | invalidateAsInternalUser | ❌ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts | invalidateAsInternalUser | ❌ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts | create | ✅ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/observability_solution/synthetics/server/routes/synthetics_service/enablement.ts | invalidateAsInternalUser | ❌ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/observability_solution/synthetics/server/synthetics_service/get_api_key.ts | validate | ✅ | |
| areAPIKeysEnabled | ✅ | ||
| grantAsInternalUser | ❌ | ||
| create | ✅ | ||
| serverless_search | /Users/sidmantri/Sites/kibana/x-pack/plugins/serverless_search/server/routes/api_key_routes.ts | create | ✅ |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/transform/server/routes/api/reauthorize_transforms/route_handler_factory.ts | grantAsInternalUser | ❌ | |
| /Users/sidmantri/Sites/kibana/x-pack/plugins/upgrade_assistant/server/lib/reindexing/credential_store.ts | grantAsInternalUser | ❌ | |
| invalidateAsInternalUser | ❌ | ||
| areAPIKeysEnabled() | ✅ |
:yellow_heart: Build succeeded, but was flaky
- Buildkite Build
- Commit: 1faeaa4d5923bb820879448b99bef7ff1ecd9bc6
Failed CI Steps
The CI Stats report is too large to be displayed here, check out the CI build annotation for this information.
History
- :green_heart: Build #218616 succeeded df6e9456f24e01696610beb9327e248d1f5f350b
- :yellow_heart: Build #218562 was flaky 7435d8728d0ccf0e3795f7dbe020d776e2e169e7
- :green_heart: Build #218536 succeeded caddc9014d1108c7455e7b13e3ccee4b1ef1c4e1
- :broken_heart: Build #218500 failed 7b2c26faf377a405bbce6fa3ba2fffefdaed48fd
- :broken_heart: Build #218260 failed 50c100fa375c84a8e03d8bc5f505d7d32d8d1994
- :broken_heart: Build #218239 failed 54952ea044bf04f6889f25a868db3cffbf7d60ac
To update your PR or re-run it, just comment with:
@elasticmachine merge upstream
cc @elena-shostak
:yellow_heart: Build succeeded, but was flaky
- Buildkite Build
- Commit: b65a66608eda08874a8f80efade785e1a84c867d
Failed CI Steps
Metrics [docs]
Public APIs missing comments
Total count of every public API that lacks a comment. Target amount is 0. Run
node scripts/build_api_docs --plugin [yourplugin] --stats commentsfor more detailed information.
| id | before | after | diff |
|---|---|---|---|
@kbn/core-security-server |
16 | 63 | +47 |
@kbn/core-security-server-mocks |
13 | 15 | +2 |
@kbn/security-plugin-types-server |
121 | 154 | +33 |
security |
206 | 222 | +16 |
| total | +98 |
Any counts in public APIs
Total count of every any typed public API. Target amount is 0. Run
node scripts/build_api_docs --plugin [yourplugin] --stats anyfor more detailed information.
| id | before | after | diff |
|---|---|---|---|
@kbn/core-security-server |
0 | 1 | +1 |
@kbn/security-plugin-types-server |
0 | 1 | +1 |
| total | +2 |
Unknown metric groups
API count
| id | before | after | diff |
|---|---|---|---|
@kbn/core-security-server |
52 | 146 | +94 |
@kbn/core-security-server-mocks |
13 | 15 | +2 |
@kbn/security-plugin-types-server |
216 | 275 | +59 |
security |
415 | 438 | +23 |
| total | +178 |
History
- :green_heart: Build #219625 succeeded 6c85ea3641bc482d3a0c65dd7b49ae749f19cd01
cc @elena-shostak